package auth;

import java.io.IOException;
import java.util.StringTokenizer;

import javax.ejb.EJB;
import javax.inject.Inject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

import model.User;
import sun.misc.BASE64Decoder;
import util.WebServiceException;
import dao.GenericDAO;

/**
 * Central point of entrance for authentication purposes.
 * 
 * 
 * @author Dennis Eicker
 */
@WebFilter(urlPatterns = { "/*" })
public class AuthenticationFilter implements Filter {

	@Inject
	private SecurityManager securityContext;

	@EJB
	private GenericDAO dao;

	@Override
	public void doFilter(ServletRequest req, ServletResponse res,
			FilterChain chain) throws IOException, ServletException {
		doFilterBasicAuth(req, res, chain);
	}

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
	}

	@Override
	public void destroy() {
	}

	private void doFilterBasicAuth(ServletRequest req, ServletResponse res,
			FilterChain chain) throws ServletException, IOException {
		
		//FIXME
		chain.doFilter(req, res);
		return;
		/*

		String userName = "";
		String password = "";

		HttpServletRequest request = (HttpServletRequest) req;

		// Get the Authorization header, if one was supplied
		String authHeader = request.getHeader("Authorization");
		if (authHeader != null) {
			StringTokenizer st = new StringTokenizer(authHeader);
			if (st.hasMoreTokens()) {
				String basic = st.nextToken();

				// We only handle HTTP Basic authentication
				if (basic.equalsIgnoreCase("Basic")) {
					String credentials = st.nextToken();

					BASE64Decoder decoder = new BASE64Decoder();
					String userPass = new String(
							decoder.decodeBuffer(credentials));

					// The decoded string is in the form
					// "userName:password".

					int p = userPass.indexOf(":");
					if (p != -1) {
						userName = userPass.substring(0, p);
						password = userPass.substring(p + 1);
						// CASE NO AUTH
						if (userName == null || userName.length() < 3
								|| userName.length() > 15) {
							securityContext.setUser(null);
							chain.doFilter(req, res);
							return;
						}
						User authenticatedUser = null;
						try {
							authenticatedUser = (User) dao
									.executeQuerySingleResult(
											"User.findByUserName",
											new Object[] { userName });
						} catch (CustomException e) {
							e.printStackTrace();
						}

						// check if user exists
						if (authenticatedUser != null) {

							// check if user is authenticated
							if (authenticatedUser.getPassword()
									.equals(password)) {

								securityContext.setUser(authenticatedUser);
								chain.doFilter(req, res);
								return;

							}

						}
					} else {
						securityContext.setUser(null);
					}

				}
				chain.doFilter(req, res);
				

			}
		}*/
	}
}